Command Injection Vulnerability in TOTOLINK X18 by TOTOLINK
CVE-2025-61045

Currently unrated

Key Information:

Vendor: TOTOLINK

CVE Published: 1 October 2025

What is CVE-2025-61045?

The TOTOLINK X18 contains a command injection vulnerability in the setEasyMeshAgentCfg function. The function handles the 'mac' parameter improperly, which allows attackers to execute arbitrary commands. Such vulnerabilities can lead to unauthorized access and manipulation of device settings, compromising network integrity and security. Users should promptly review their device configurations and apply the necessary security updates to mitigate potential exploitation.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
